[wp-hackers] Posted Elsewhere Feature
Michael Leuchtenburg
michael at slashhome.org
Mon Sep 20 00:20:26 UTC 2004
Graham Walker wrote:
> I post a comment at Person X's blog, and enter my weblog URL.
> Person X's blog software somehow pings *my* blog, which then (publicly
> or privately) adds Person X's blog entry to my list of "Posted
> Elsewheres."
I can see some interesting security problems with this. If (to be
traditional) Alice has a blog, and Bob wants to mess with Alice, then
Bob can send many of these pings, claiming that you posted there. Your
blog software would pick these up and post them. He could flood out all
of the legitimate conversation.

The only way to avoid this would be to have you post the comment
*through* your own blogging software, and have it talk to the remote
comment system. The remote comments could be flooded, but that can be
done now. Then the system wouldn't open up any new security holes.
--
Michael Leuchtenburg | http://slashhome.org/
cell: 413.433.0739
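
The two designs discussed in this message, as an added example that is not part of the original post or of WordPress: a blog that lists whatever inbound pings claim, next to one that records an entry only when the owner's comment was sent through it. The class names, the `send` callable and all URLs are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PingReceiverBlog:
    """Quoted proposal: remote blogs ping us and we list the entry."""
    posted_elsewhere: list = field(default_factory=list)

    def receive_ping(self, claimed_entry_url: str) -> None:
        # Nothing ties the ping to a comment the owner actually wrote,
        # so any sender can add any URL to the list.
        self.posted_elsewhere.append(claimed_entry_url)


@dataclass
class OriginatingBlog:
    """Reply's design: the owner comments *through* their own blog."""
    posted_elsewhere: list = field(default_factory=list)

    def post_comment(self, entry_url: str, text: str, send) -> bool:
        # `send` is a hypothetical callable (entry_url, text) -> bool that
        # stands in for talking to the remote comment system.
        if not send(entry_url, text):
            return False
        # Recorded only because this blog itself originated the comment.
        self.posted_elsewhere.append(entry_url)
        return True

    def receive_ping(self, claimed_entry_url: str) -> None:
        # No inbound path writes to the list; unsolicited claims are dropped.
        return None


def simulate(forged_pings: int = 100):
    """Constructed scenario: one real comment plus a burst of forged pings."""
    real = "https://personx.example/entry/1"
    forged = [f"https://spam.example/{i}" for i in range(forged_pings)]

    naive, hardened = PingReceiverBlog(), OriginatingBlog()
    naive.receive_ping(real)
    hardened.post_comment(real, "Nice post", send=lambda url, text: True)
    for url in forged:
        naive.receive_ping(url)
        hardened.receive_ping(url)
    return naive.posted_elsewhere, hardened.posted_elsewhere
```

In the ping-driven design the single real entry is buried under the forged ones; in the originating design the list's integrity depends only on who can use the owner's own blog software.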